Hi,

On Mon, Jul 24, 2017 at 10:26:40PM +0100, Conrad Hughes wrote:
[...]
> Origin: <vendor|upstream|other>, <url of original patch>
> Bug: <url in upstream bugtracker>
> Bug-Debian: https://bugs.debian.org/<bugnumber>
> Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
> Forwarded: <no|not-needed|url proving that it has been forwarded>
> Reviewed-By: <name and email of someone who approved the patch>
> Last-Update: 2017-07-24
> 
> --- libutempter-1.1.6.orig/utempter.c
> +++ libutempter-1.1.6/utempter.c
> @@ -241,7 +241,7 @@ main(int argc, const char *argv[])
>               exit(EXIT_FAILURE);
>       }
>  
> -     device = ptsname(STDIN_FILENO);
> +     device = ttyname(STDIN_FILENO);
>  
>       if (!device)
>       {
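
Review bot: in the main() hunk at line 244, switching to `ttyname(STDIN_FILENO)` removes the check that stdin is a pseudo-terminal master. ptsname() returns NULL for any other descriptor, so the `if (!device)` branch right below it rejects them; ttyname() returns a name for any terminal descriptor, the slave side included, so that branch would no longer reject them. Keep `device = ptsname(STDIN_FILENO);` and look for the failure in the descriptor the caller passes or in the system's pty setup. The header fields above the hunk (Origin, Bug, Forwarded, Reviewed-By) are also still template placeholders and need real values or removal.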

Replacing ptsname() with ttyname() would allow the privileged utempter
helper to be used for adding unauthorized records.  For example, regular clients
of slave pseudo-terminal devices would be able to add such records,
which would be a security vulnerability.

The ptsname() invocation is correct.  Please ensure that
- STDIN_FILENO is a valid file descriptor corresponding to a properly
configured pseudo-terminal master device;
- the operating system is not misconfigured and ptsname() works properly.

I'd like to remind you of the following part of the documentation:
"utempter_add_record() function adds a login record to the database
for the TTY belonging to the pseudo-terminal master file descriptor fd."

Please forward this information to whom it may concern.


-- 
ldv
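
The difference the reply above relies on, as an added example that is not part of the original message or of libutempter: on a locally constructed pty pair, ptsname() names a device only for the master descriptor, while ttyname() also accepts the slave. `compare_lookups` and `struct lookup` are hypothetical names used for this demonstration only.

```c
#define _XOPEN_SOURCE 600
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Repeated so the block builds even if a libc header was read before the macro above. */
int posix_openpt(int); int grantpt(int); int unlockpt(int);
char *ptsname(int);

struct lookup {
    int ptsname_on_slave; /* 1 if ptsname() returned a name for the slave fd */
    int ttyname_on_slave; /* 1 if ttyname() named the slave device */
};

/* Opens a constructed pty pair and records what each lookup accepts on the
 * slave descriptor. Returns 0 on success, -1 if no pty could be set up. */
int compare_lookups(struct lookup *r)
{
    char slave_path[128];
    const char *name;
    int slave, master = posix_openpt(O_RDWR | O_NOCTTY);

    if (master < 0)
        return -1;
    /* ptsname() succeeds here because the descriptor is a pty master. */
    if (grantpt(master) || unlockpt(master) || !(name = ptsname(master))) {
        close(master);
        return -1;
    }
    snprintf(slave_path, sizeof slave_path, "%s", name); /* static buffer: copy */
    slave = open(slave_path, O_RDWR | O_NOCTTY);
    if (slave < 0) {
        close(master);
        return -1;
    }
    r->ptsname_on_slave = ptsname(slave) != NULL; /* slave fd: no name */
    name = ttyname(slave);                        /* slave fd: name returned */
    r->ttyname_on_slave = name && strcmp(name, slave_path) == 0;
    close(slave);
    close(master);
    return 0;
}

int main(void)
{
    struct lookup r;
    if (compare_lookups(&r))
        return 1;
    printf("ptsname(slave): %d, ttyname(slave): %d\n", r.ptsname_on_slave, r.ttyname_on_slave);
    return 0;
}
```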
